Editor’s Note: Before COVID-19, digital health was starting to take hold as the wave of the future for the practice of medicine. Since the declaration by the then Secretary of Health & Human Services (HHS) of the Public Health Emergency [PHE] on Jan. 31, 2020, telehealth has increased exponentially, in large measure due to Congress and the Centers for Medicare & Medicaid Service’s (CMS’s) expansion of coverage for telehealth services in the Medicare and Medicaid populations. Telehealth services continued to soar for the privately insured population as well. The prevalent view is that telehealth will remain an integral part of our health care system post-PHE and may even continue to grow. In a new article for the Law Journal Newsletters’ Business Crimes Bulletin, summarized below, Manatt examines how criminal and civil enforcement focused on fraud committed using, or furthered by the use of, telehealth will likely be expanding—particularly given the dollars that a regulator can bring in for fraud or noncompliance. With the federal government’s need to pay for significant post-COVID-19 relief programs, a fraudster’s profit in the telehealth space could serve as an easy source of funding. Click here to read the full article.
Telemedicine Fraud Enforcement Actions
Even prior to the PHE, the U.S. Department of Justice (DOJ) led several significant telehealth fraud enforcement actions. Following these cases, one can see how telemedicine is beginning to impact the telemarketing fraud schemes prosecuted in the past where telemarketers recruited and paid Medicare patients while the doctors wrote scripts without necessarily meeting—or having only cursory meetings—with the patients. The patients, therefore, had to be, at the very least, in the same state as the prescribing doctor so as not to immediately raise alarms. In some of the more recent cases, the telemarketing companies recruited the Medicare patients, but the doctors, having met with the patients via telemedicine, may have been hundreds of miles away from the patients, depending on the individual state’s rules and regulations. That in and of itself should not be a marker, but the size of the patient pool and the commensurate dollars to be gained in terms of potential penalties and damages are increased significantly where telemedicine is part of the fraudulent scheme. Examples include:
- In April 2019, the DOJ charged 24 defendants, including CEOs and COOs of telemedicine companies, owners of durable medical equipment (DME) companies and medical professionals, as a result of its Operation Brace Yourself. (See “Federal Indictments & Law Enforcement Actions in One of the Largest Health Care Fraud Schemes Involving Telemedicine and Durable Medical Equipment Marketing Executives Results in Charges Against 24 Individuals Responsible for Over $1.2 Billion in Losses,” Department of Justice, April 9, 2019.) Allegedly resulting in over $1.2 billion in losses, the alleged scheme entailed DME companies providing kickbacks to physicians working with telemarketing companies in exchange for the physicians prescribing DME for Medicare patients “recruited” by the telemarketing companies. Id.
- In September 2019, the DOJ announced Operation Double Helix, a takedown of 35 individuals and involving dozens of telemedicine companies, individual physicians and several purported genetic cancer testing laboratories for participating in an alleged health care fraud scheme that resulted in over $2.1 billion in losses. (See Federal Law Enforcement Action Involving Fraudulent Genetic Testing Results in Charges Against 35 Individuals Responsible for Over $2.1 Billion in Losses in One of the Largest Health Care Fraud Schemes Ever Charged, Department of Justice, Sept. 27, 2019.) The alleged scheme again involved the telehealth companies locating Medicare beneficiaries, but here, instead of DME companies paying doctors to prescribe DME, the doctors shared in the Medicare reimbursement the purported labs received for the genetic cancer testing prescribed via telehealth sessions. The charges ranged from conspiracy to commit wire fraud to health care fraud to kickbacks and money laundering. And that does not take into account the administrative action taken by CMS’s Center for Program Integrity against the companies and individuals who, in total, allegedly submitted $1.7 billion in claims to Medicare. Supra fn. 9.
- In October 2020, the DOJ announced its third major takedown alleging health care fraud committed with the help of telemedicine, this one involving more than $1.5 billion in fraudulent billings. Here, the telemedicine executives paid doctors and nurses to order allegedly unnecessary DME, testing and pain medications. The submissions to Medicare suggested telemedicine was involved but, as alleged, the doctors’ decisions were actually based on a short phone call or no interaction whatsoever.
Recurring Theme: Patients Are Far From Physicians
The recurring theme in many of the indictments is that the patients were located many miles—often in different states—from the physicians ordering the DME and the cancer tests, as may be the case with telemedicine. In addition to the kickbacks—the main premise of the DOJ’s argument that the claims were fraudulent—the charging documents suggest that the DOJ’s view is that the telemedicine aspect of the consultations called into question the doctor’s ability to render medical advice and be able to meet the requirements for Medicare coverage of diagnostic testing and DME geared to support medical necessity, without which there can be no reimbursement.
But what if a doctor meets briefly with a new patient via telehealth and can see quickly DME is needed? Will the fact that she is in a different state from the patient call into question the prescription? Is a physician at risk of coming under the DOJ’s watchful eye simply for prescribing a diagnostic test, particularly one, like genetic testing, that relies in large measure on the patient’s family history, something that can be discussed during a telehealth visit?
Key Takeaway: Know the Rules
The rapid rise in telehealth usage has created an environment where many companies and providers are not equipped with sufficient knowledge and procedures to provide “proper” telehealth services. Companies and providers will want to ensure the necessary protocols and procedures are in place to ensure compliance. For starters, a proper compliance program is essential for maintaining correct practices and quality oversight of internal operations. Companies will want the lead members of their compliance programs to meet regularly and incorporate essential telehealth-related trainings for all employees, staff members and providers. Similarly, the use of data is an important tool in tracking when and where major outliers may occur and catching fraud at its source.
But most important is for companies and providers to continue educating themselves on the changing environment and the updated rules and requirements related to telemedicine, including in each state in which the company or provider operates. Doing so will allow the organization and individuals to better protect themselves from bad actors and unintentional noncompliance.